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REMARKS 

Claims 1-29 are pending in the present application. Claims 2, 3, 12, 13, 22, and 
23 are amended to replace the trademark word "Java" with the phrase "platform 
independent" as suggested in the Office Action. Reconsideration of the claims is 

respectfully requested. 

Amendments to the specification are made to capitalize the trademark "JAVA" 
and to correct a reference number. Also, the sped (ication is amended to include a 
reference to "DVD 282" as suggested in the Office Action. 

I. 35 U.S.C. S 112, Second P aragraph 

The Office Action rejects claims 2, 3, 12, 13. 22, and 23 under 35 U.S.C. § 1 12, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter, which Applicants regard as the invention. This rejection is 
respectfully traversed. 

As to claims 2, 3, 12, 13, 22, and 23, the Office Action states: 

References to trademarks in claims or using trademarks as pari of claims 

should not be used. The trademarked term rote* to the source of the goods and 

not the technical merits of those goods. 

Office Action doled October 27, 2003, page 2. 

Claims 2, 3, 12, 13, 22, and 23 arc amended to replace the trademark word "Java" 
with the phrase "plallbrm independent" as suggested by the Office Action. Therefore the 
rejection of claims 2, 3,12,1 3, 22, and 23 under 35. U.S.C. § 1 1 2, second paragraph has 

been overcome. 

1F 35 U.S.C. § 102. Allege! Anticipation Ba,*.od o n McManis 

The Office Action rejects claims 1, 2, 4-6, 11,12, 14-16, 21, 22, 24-26 under 35 
U.S.C. § 102(b) as being allegedly anticipated by McManis (U.S. Patent Number 
5,692,047). This rejection is respectfully traversed 
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As lo independent claims 1,11 and 21, the Office Action stales: 

Regarding Claims 1 , McManis teacher A method of verifying the 

integrity of uuauthenlieatcd code, comprising: 

a receiving automatically authenticalrd code, the automatically 

authenticated code including an embedded first hash value of the unaulhcnlicated 

code (coh 10 lines 64-col. 1 1 lines 1-2); 

b. receiving the unauthenticated code; generating a second hash value ot 
the unauthenticated code (col. 1 1 lines 2-9); 

c. comparing the first hash value and the second hash (col. 11 lines 10-25); 

d. verifying the integrity of the unautlicnticated code ifthc first hash value 
and die second hush value match (col 1 1 lines 10-25). 

Claims 11,12, 14-16, 21, 22, 24-26 are rejected for the same reasons 
outlined above. 

Office Action dated October 27, 2003, pages 4-5. 

Independent claim 1, which is representative of the other rejected independent 
claims 1 1 and 21 with regard to similarly recited subject matter, reads as follows: 

1 , A method or verifying the integrity of unauthenticated code, comprising: 
receiving automatically authenticated code, the automatically 

authenticated code including an embedded Just hash value of the unauthenticated 

code; 

receiving the unauthenticated code; 

generating a second hash value of the unauthenticated code; 
comparing the first hash value and the second hash value; and 
verifying the integrity of the unauthenticated code if the first hash value 
and the second hash value match. 

A prior art reference anticipates the claimed invention under 35 U.S.C. § 102 only 
if every element of a claimed invention is identically shown in that single reference, 
arranged as they are in the claims. In re Bond, 910 F.2d 831, 832, 15 U.S.P.Q.2d 1566, 
1567 (Fed. Cir, 1 990). All limitations of die claimed invention must be considered when 
determining patentability. In rc Lowry, 32 R3d 1570, 1582, 32 U.S.P,Q,2d 1031, 1034 
(Ped> Cir. 1994). Anticipation focuses on whether a claim reads on the product or process a 
prior art reference discloses, not on what the reference broadly teaches. Kalman v. 
Kimberly-Clark Corp., 713 F.2d 760, 218 U.S.P.Q. 781 (Fed. Cir. 1983). Applicants 
respectfully submit that McManis docs not identically show every clement orUic claimed 
invention arranged as they are in the claims. Specifically, McManis docs not teach the 
feature of receiving automatically authenticated code, the automatically authenticated 
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code including an embedded first hash value of the unauthenticated code. Additionally, 
McManis docs not teach that the first hash value is embedded in the autwnfliicaUy. 
iUillipjalic^cd'ccMlc. 

McManis is directed towards a system and method in which a program interpreter 
for programs, whose integrity is verifiable, includes a facility for using non-verifiable 
programs from trusted sources. In addition, McManis provides a system and method for 
refusing to execute other non-veri fiablc programs. The McManis system includes a 
program executor that executes verifiable architecture neutral programs and a class loader 
that prohibits the loading and execution of non-verifiable programs unless the non- 
vciifiahle program resides in a trusted repository of such programs or the non-verifiable 
program is indirectly verifiable by way of a digital signature on the non-verifiable program 
that proves the program was produced by a trusted source. 

Claim I recites receiving M.omMlicaUyjH^ the aut omatica lly, 

luithenti catcd c ode including an embedded f ust has h yjlMofjfoejwmto 
A first hash value r»f nnnnthontic ated co de, such as for example native code, is embedded 
into jjntnniaticallY authent ic ated cod e, such as for example JAVA code that references the 
native code. The automatically authenticated code is received and the unauthcnticaled 
code is received; the automatically authenticated code and unauthenlicatcd code arc two 
separate entities. The method to verify the unauthciilicatcd code comprises generating a 
second hash value frpmthcjpc^^ and comparing the generated 

second hash value of the received unauthenlicated code with the embedded first hash 
value from the ouiomaticaUy^ McManis does not teach or suggest the 

features as recited in claims 1,11, and 21. 

In the rejection of claims 1,11, and 21, the Office Action refers to the following 

portion of McManis: 

However, in this case, the Compiler's and CompParly's.public keys are 
retrieved from the trusted key repository m and respectively used to decrypt the 
MDc and fTashFiinctioii c ID in the DigitalSignaturec and the MD C p and the 
HashFwictioncp ID in the DigitalSignalurcu.. Furthermore, the test message 
digests (TcslMDc and TcslMDcv) corresponding to the decrypted MD CK and MD C 
arc generated by computing hash codes on the data bits of the ASProgram code 
plus the DigitalSignaturcop for the TeslMD? and on the same data bits plus the 
DigitalSignaturecVor the TeslMDcr, according respectively to the HashFunctioiic 
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and HashFUncUoncp identified by the decrypted HashFimction (; ID and 

Tftlie DigitalSignalurec and/or the Di|.,italSignalurc C p is not ven Tied (i.e., 
MDc noteq.TestMDc and/or MD CP .notcq.TcstMDop) for every ASProgram, then 
the signature verifier 136 sends back to the class loader 136 a failed result. In 
response, the class loader aborts the class losing procedure and generates an 
appropriate message that this has occurred. 

However if the DiejtalSignaturec and the DigilalSignature C P are both 
vcrilicd (i.e., MD C -TeslMDc and MD cl > -foslMDcp) for every ASProgram, then 
the ANProjjram executer 1 24 again calls signature veriher 132 to verify the 
Ori^ParW's signatures (DigilalSignaturcoiO for the ANPrograros from which the 
ASProErams were compiled. To verify the OrigParty digital signatures, the 
DigitalSiqnalureo,. of each is verified in the same manner as was discussed earlier 
in the section concerning compilation of the ANProgram 200. 

McKfatris, column 10, line 64 through column 1 1, line 25. 

This portion oiMcManis teaches that compiler and compiler party public keys arc 
retrieved from a trusted repository and used to decrypt compiler and compiler party 
digital signs lures located in unaulJieoticateiL^ 

(ASProgram) to obtain the values lor the message digests (MDs) and hash functions for 
the compiler (C) and the compiling party (CP). The hash function for the compiler that is 
identified are then used to hash the bits of the application specific program (ASProgram) 
plus the digital signature of the originating party to obtain a test message digest for the 
compiler. The hash function Tor the compiling parly is then used to hash bits of the 
ASProgram plus the digital signature of the compile to obtain a test message digest for 
the compiling parly. A determination is then made as to whether cither the message 
digest for the compiler docs not equal the test message digest for the compiler or the 
message digest for the compiling party docs not equal the test message digest for the 
compiling party. If cither of these conditions arc met, the message is not authenticated. 

Thus, the sections otMcMtuiis that the Office Action alleges teaches the features 
of the present invention arc actually directed to authenticating the digital signatures of the 
compiler and compiling party for application specific programs in an object class (sec 
column 10, lines 32-42). This verification is based on information decrypted from 
unanthenticatcd code. In contrast, the claims oflhc present invention recite that a first 
hash value of unaulhcnlicatcd code is embedded in aatpjnatic^bt^^ 
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McManis docs not leach or suggest embedding a hash value of ^authenticated code in 
automatically authenticated code. 

Additionally, McManis teaches comparing tot message digests for the compiler 
mid compiler party, generated using data bits of unauthentic ated code (ASProgram), with 
the decrypted compiler and compiler party message digests from the same 
unauthenlicalcd code (ASProgram). Thus, McManis teaches to compare a message 
digest encrypted in unauthcnlicatcd code with a message digest generated from the 
umuuhenticated code. In contrast, claims 1 , 11, and 21 recite a fust hash value embedded 
in cUi(onMc>d^ antl comparing the first hash value with a second 

hash value generated from a separately received miii:ithcni.^atcA«^. In other words, in 
the presently claimed invention, the fust hash value is obtained from automatically 
authenticated code and the second hash value is obljincd from separate unauthcnlicatcd 
code. In McManis, the message digesLs arc decrypted and generated from the same code, 
i.u. the ASProgram. There is no automatically autht nticated code in McManis. 

In view of the above, Applicants respectfully submit that McManis docs not teach 
each and every feature of independent claims 1, 1 1, find 21 as required under 35 U.S.C § 
102(b). At least by virtue of their dependency on claims 1, 1 1, and 21, respectively, 
McManis does not teach each and every feature of dependent claims 2, 4-6, 12, 14-16, 22, 
and 24-26. Accordingly, Applicants respectfully request withdrawal of the rejection of 
claims 1-2,4-6, 11-12, 14-16, 21-22, and 24-26 under 35 U.S.C § 102(b). 

HI. 35 U.S.C § 103. Alleged Obviousness J3a,':ed on McManis 

The Office Action rejects claims 3, 10, 13, 20, and 23 under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over McManis (U.S. Patent Number 5,692,047). This 
rejection is respectfully traversed. 

As discussed previously, McManis docs not teach or suggest the features as 
recited in claims 1, 11, and 21. Specifically, McMunis does not teach automatically 
authenticated code, let alone automatically authenticated code that is a platform 
independent application or applet, as recited in dependent claims 3, 13 and 23. To the 
contrary, as discussed above, McManis performs operations based on only the data that is 
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encrypted in or derived from the ^authenticated code, i.e. the ASProgram. Therefore, at 
least by virtue of their dependency on claims 1,11, and 21 , respectively, McManis does 
not leach or suggest the features of dependent claims 3, 10, 13, 20, and 23. Accordingly, 
Applicants respectfully request withdrawal of the rejection of claims 3, 1 0, 13, 20, and 23 
under 35 U.S.C.§ 103(a). 

IV. 35 U.S.C . S 1M, Alleged Obviousness Base d ™ TVlrManis and Cordery 

The Office Action rejects claims 7-9, 17-19, and 27-29 under 35 U.S.C. § 103(a) 
as allegedly being unpatentable over McManis (U.S. Patent Number 5,692,047) in view 
of Cordery ct al. (U.S. Patent Number 6,480,831). 'I tils rejection is respectfully 
traversed. 

As discussed above, McManis docs not teach receiving automatically 
authenticated code, the automatically authenticated code including an embedded first 
hash value or the unauthcnlicatcd code. In addition, McManis does not teach comparing 
a first hash value that is embedded in automatically authenticated code with a second 
hash value thai is generated from separately received unauthenticatcd code. Furthermore, 
Applicants respectfully submit that Cordery does not teach or suggest these features. 

Cordery is directed toward a method and apparatus for securely transmitting keys 
from a postage metering apparatus to a remote data center. Cordery teaches a method for 
transmitting a key from a first device to a remotely located second device includes steps 
ol" generating the key within the first device; selecting one of aplurality of one-time pad 
values from a one-time pad stored within the first device; creating a hash of al least (he 
key and the selected one of the plurality of onc-linw pad values; and sending the hash and 
the key from the first device to the second device. Cordcrydocs not teach anything 
regarding aLitomatically_authcnticated codo_or embedding hash valucs in automatically^ 
. Authenticated code. Moreover, Cordery does not teach or suggest anything regarding 
comparing a first hash value that is embedded in automatically authenticated code with a 
second hash value generated from separately received unauthenticated code. Since neither 
McManis nor Cordery teach or suggest these features, any alleged combination of 
McManis and Cordery still does not teach or suggest these features. 
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Thus, neither McManis nor Contery, cither alone or in combination, teach or 
suggest receiving automatically authenticated code, live automatically authenticated code 
including an embedded first hash value of the unaulhcnlicatcd code as recited in 
independent claims l,.1l,and2l. At least by virtue of their dependency on claim 1, 11, 
mid 2 1 , respectively, neither McManis nor Conlery, either alone or in combination, teach 
or suggest the features of dependent claims 7-9, 1 7-19, and 27-29. Accordingly, 
Applicants respectfully request withdrawal of the rejection of claims 7-9, 17-19, and 27- 
29 under 35 U.S.C. § 103(a). 



V. Conclusion 

II is respectfully urged that the subject application is patentable over the cited 
references and is now in condition for allowance. 1 he Examiner is invited to call the 
undersigned at the belovv-lislcd telephone number if in (he opinion of the lixaminer such 
„ telephone conference would expedite or aid the prosecution and examination of this 
application. 

Respectfully submitted, 




Carslais, Yee & Cahoon, LLP 
P.O. Box 802334 
Dallas, TX 75380 
(972) 367-2001 
Attorney for Applicants 
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